At the very basic, eBanqo offers a highly secure experience with different security protocols. Our technology has no security concerns that are different from other systems. We have measures and protocols that comply with your KYC obligations.
Audit and Monitoring
Our systems provide full audit capabilities through event logs and event-based reporting. Our critical infrastructures are configured to generate and send alerts in cases of high utilization which aid events and network monitoring.
Security Policies
We have comprehensive policies that guide the different aspects of our business.
Email Controls
eBanqo emails have been configured to reduce the risk of domain infringement and spamming: SPF, DMARC, MTA-STS, use of attachments, message quarantines etc.
Role-Based Access Control
Our solution provides an approach to restricting system access to authorized users only with full log and tracking.
Vendor Management
To serve our clients, we connect to 3rd party providers that are massive on the global scene. Companies like Google, Amazon, Meta, Zendesk, Freshdesk, Twitter, Zoho, HubSpot, etc.
Server Administration
Our servers are residence in a virtual private cloud with network access control lists (ACLs) that prevent unauthorised requests from getting to our internal network.
Controls and Measures
eBanqo utilises for its systems amongst others; AES Encryption technology, Firewalls. Multi-Factor Authentication for its systems, SSL protection and password protection. Web Application Firewall rules are implemented for DDoS prevention and Key Rotation is performed periodically
Incident Management
eBanqo has a rigorous incident management process for security events that may have effect on the confidentiality, integrity or availability of systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation and documentation. eBanqo’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 80061).
Vulnerability Scanning and
Assessments
Annually, we employ the services of third-party agents to carry out penetration testing on all our platforms. This is in addition to the continuous static testing performed on all projects using code scanners to enforce best practices. Quality Assurance processes, software security reviews and external audits are also used to find other type of issues which are remediated before release to public users.
Data Access and Protection
We have designed requirements for access provisioning, modification and removal; employees are granted access to systems based on the least privilege principle. We keep ourselves updated through routine security awareness trainings to stay updated about the latest trends in the InfoSec world and how to safeguard what has been entrusted upon us. We also regularly review our processes to make sure that we only store the information we need to serve you better.